Share!

If mod_autoindex is installed and enabled, files and directories will be listed whenever you're browsing a directory and no DirectoryIndex files (normally configured as index.html, index.htm, index.php, welcome.html) are present in that directory.

It's a very useful feature but for security reasons you might disable directory browsing.

Disable directory listing in Apache:

Disable Apache directory listing by disabling mod_autoindex

The easiest way is probably to disable the autoindex module entirely. This would affect all the sites hosted on the server, which could be both good and bad.

The module is called autoindex, and can be disabled by the a2dismod command, as in the following example.

$ sudo a2dismod autoindex

Disable Apache directory listing by Directory's Options directive

The option could be applied per-directory, via the Directory's Option directive as the following.

<Directory /var/www/mysite>
    Options -Indexes
</Directory>

Notice that it's -Indexes and not +Indexes

This could be set in your Apache's configuration file.

Disable Apache directory listing via .htaccess

The above method would also work by adding a .htaccess file with the following content that you want directory listing to be disabled.

Options -Indexes

Restart Apache for the changes to take effect

Guide compatibility:

Operating System
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 16.10 (Yakkety Yak)
Ubuntu 17.04 (Zesty Zapus)
Ubuntu 17.10 (Artful Aardvark)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 18.10 (Cosmic Cuttlefish)
Ubuntu 19.04 (Disco Dingo)